Changeset - ff42794006fd
Jan Kaluza - 14 years ago 2011-08-31 12:58:09
hanzz.k@gmail.com
Print SSLv23 output
2 files changed with 5 insertions and 4 deletions:
include/Swiften/TLS/OpenSSL/OpenSSLServerContext.cpp
 
@@ -9,56 +9,56 @@
 
#include <windows.h>
 
#include <wincrypt.h>
 
#endif
 

	
 
#include <vector>
 
#include <openssl/err.h>
 
#include <openssl/pkcs12.h>
 

	
 

	
 
#include "Swiften/TLS/OpenSSL/OpenSSLServerContext.h"
 
#include "Swiften/TLS/OpenSSL/OpenSSLCertificate.h"
 
#include "Swiften/TLS/PKCS12Certificate.h"
 

	
 
#pragma GCC diagnostic ignored "-Wold-style-cast"
 

	
 
namespace Swift {
 

	
 
static const int MAX_FINISHED_SIZE = 4096;
 
static const int SSL_READ_BUFFERSIZE = 8192;
 

	
 
static void freeX509Stack(STACK_OF(X509)* stack) {
 
	sk_X509_free(stack);
 
}
 

	
 
static int _sx_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx) {
 
	return 1;
 
}
 
// static int _sx_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx) {
 
// 	return 1;
 
// }
 

	
 
OpenSSLServerContext::OpenSSLServerContext() : state_(Start), context_(0), handle_(0), readBIO_(0), writeBIO_(0) {
 
	ensureLibraryInitialized();
 
	context_ = SSL_CTX_new(SSLv23_server_method());
 
	SSL_CTX_set_verify(context_, SSL_VERIFY_PEER, _sx_ssl_verify_callback);
 
// 	SSL_CTX_set_verify(context_, SSL_VERIFY_PEER, _sx_ssl_verify_callback);
 

	
 
	// Load system certs
 
#if defined(SWIFTEN_PLATFORM_WINDOWS)
 
	X509_STORE* store = SSL_CTX_get_cert_store(context_);
 
	HCERTSTORE systemStore = CertOpenSystemStore(0, "ROOT");
 
	if (systemStore) {
 
		PCCERT_CONTEXT certContext = NULL;
 
		while (true) {
 
			certContext = CertFindCertificateInStore(systemStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, certContext);
 
			if (!certContext) {
 
				break;
 
			}
 
			ByteArray certData(certContext->pbCertEncoded, certContext->cbCertEncoded);
 
			OpenSSLCertificate cert(certData);
 
			if (store && cert.getInternalX509()) {
 
				X509_STORE_add_cert(store, cert.getInternalX509().get());
 
			}
 
		}
 
	}
 
#elif !defined(SWIFTEN_PLATFORM_MACOSX)
 
	SSL_CTX_load_verify_locations(context_, NULL, "/etc/ssl/certs");
 
#endif
 
}
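Review bot: `_sx_ssl_verify_callback` and the `SSL_CTX_set_verify(context_, SSL_VERIFY_PEER, _sx_ssl_verify_callback)` call each appear here once live and once commented out, so this section changes peer-certificate handling by commenting code in or out, and the commit title "Print SSLv23 output" does not mention it; the page has lost its +/- markers, so confirm which form is the new one. Neither form validates a client certificate: the callback returns 1 without looking at `preverify_ok`, and without the `SSL_CTX_set_verify` call no client certificate is requested at all. Delete the unused variant instead of keeping it as a comment and record the decision next to `SSL_CTX_new`, for example `// Client certificates are not verified on this context.`. If verification is wanted, the callback should `return preverify_ok;`.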
 

	
src/transport.cpp
 
@@ -52,48 +52,49 @@ static LoggerPtr logger = Logger::getLogger("Component");
 
static LoggerPtr logger_xml = Logger::getLogger("Component.XML");
 

	
 
Component::Component(Swift::EventLoop *loop, Swift::NetworkFactories *factories, Config *config, Factory *factory, Transport::UserRegistry *userRegistry) {
 
	m_component = NULL;
 
	m_userRegistry = NULL;
 
	m_server = NULL;
 
	m_reconnectCount = 0;
 
	m_config = config;
 
	m_factory = factory;
 
	m_loop = loop;
 
	m_userRegistry = userRegistry;
 

	
 
	m_jid = Swift::JID(CONFIG_STRING(m_config, "service.jid"));
 

	
 
	m_factories = factories;
 

	
 
	m_reconnectTimer = m_factories->getTimerFactory()->createTimer(3000);
 
	m_reconnectTimer->onTick.connect(bind(&Component::start, this)); 
 

	
 
	if (CONFIG_BOOL(m_config, "service.server_mode")) {
 
		LOG4CXX_INFO(logger, "Creating component in server mode on port " << CONFIG_INT(m_config, "service.port"));
 
		m_server = new Swift::Server(loop, m_factories, m_userRegistry, m_jid, CONFIG_INT(m_config, "service.port"));
 
		if (!CONFIG_STRING(m_config, "service.cert").empty()) {
 
			LOG4CXX_INFO(logger, "Using PKCS#12 certificate " << CONFIG_STRING(m_config, "service.cert"));
 
			LOG4CXX_INFO(logger, "SSLv23_server_method used.");
 
			TLSServerContextFactory *f = new OpenSSLServerContextFactory();
 
			m_server->addTLSEncryption(f, PKCS12Certificate(CONFIG_STRING(m_config, "service.cert"), createSafeByteArray(CONFIG_STRING(m_config, "service.cert_password"))));
 
		}
 
		else {
 
			LOG4CXX_WARN(logger, "No PKCS#12 certificate used. TLS is disabled.");
 
		}
 
// 		m_server->start();
 
		m_stanzaChannel = m_server->getStanzaChannel();
 
		m_iqRouter = m_server->getIQRouter();
 

	
 
		m_server->addPayloadParserFactory(new GenericPayloadParserFactory<StorageParser>("private", "jabber:iq:private"));
 
		m_server->addPayloadParserFactory(new GenericPayloadParserFactory<Swift::AttentionParser>("attention", "urn:xmpp:attention:0"));
 
		m_server->addPayloadParserFactory(new GenericPayloadParserFactory<Swift::XHTMLIMParser>("html", "http://jabber.org/protocol/xhtml-im"));
 
		m_server->addPayloadParserFactory(new GenericPayloadParserFactory<Swift::BlockParser>("block", "urn:xmpp:block:0"));
 
		m_server->addPayloadParserFactory(new GenericPayloadParserFactory<Swift::InvisibleParser>("invisible", "urn:xmpp:invisible:0"));
 

	
 
		m_server->addPayloadSerializer(new Swift::AttentionSerializer());
 
		m_server->addPayloadSerializer(new Swift::XHTMLIMSerializer());
 
		m_server->addPayloadSerializer(new Swift::BlockSerializer());
 
		m_server->addPayloadSerializer(new Swift::InvisibleSerializer());
 

	
 
		m_server->onDataRead.connect(bind(&Component::handleDataRead, this, _1));
 
		m_server->onDataWritten.connect(bind(&Component::handleDataWritten, this, _1));
 
	}
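Review bot: The log line `LOG4CXX_INFO(logger, "SSLv23_server_method used.");` hard-codes in transport.cpp a choice made inside `OpenSSLServerContext`, so it goes stale if that constructor changes, and it tells an operator nothing about which protocol versions are accepted (the +/- markers are lost on this page; this is taken to be the one inserted line implied by the 48→49 hunk header). `SSLv23_server_method()` is OpenSSL's version-negotiating method, and the constructor shown in the other file sets no protocol options after `SSL_CTX_new`, so old protocol versions may still be negotiable depending on the OpenSSL build. Consider logging from the context itself and adding `SSL_CTX_set_options(context_, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` there. The `Component` constructor continues past the end of this hunk.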